httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lewis Hoffman" <le...@grasscommons.org>
Subject Re: [users@httpd] reverse proxy fails on uri escape sequences
Date Wed, 28 Jun 2006 17:59:35 GMT
ahh, thank you thank you thank you :-)

On 6/28/06, Joshua Slive <joshua@slive.ca> wrote:
>
> On 6/27/06, Lewis Hoffman <lewis@grasscommons.org> wrote:
> > Hello,
> >
> >  I'm running a reverse proxy in apache-2.0.54
> > For most urls, it's working great.  However, some URI escape sequences
> cause
> > 404s from apache.  It seems as if they never get to the rewrite rule.
> >
> > For example, these two URLs:
> > 1) http://wagon.grasscommons.org/c/wiki/new/thisthat
> > 2) http://wagon.grasscommons.org/c/wiki/new/this%2Fthat
> >
> > access log entries for the two requests, respectively:
> >
> > 67.42.179.239 - - [27/Jun/2006:15:13:49 -0700] "GET /c/wiki/new/thisthat
> > HTTP/1.1" 200 2404 "-" "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US;
> > rv:1.8.0.3) Gecko/20060326 Firefox/1.5.0.3 (Debian-1.5.dfsg+1.5.0.3-2)"
> >  67.42.179.239 - - [27/Jun/2006:15:13:20 -0700] "GET
> /c/wiki/new/this%2Fthat
> > HTTP/1.1" 404 218 "-" "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US;
> > rv:1.8.0.3) Gecko/20060326 Firefox/1.5.0.3 (Debian-1.5.dfsg+1.5.0.3-2)"
>
> Try this:
> http://httpd.apache.org/docs/2.0/mod/core.html#allowencodedslashes
>
> Encoded slashes are not allowed by default because they can be used to
> trick some scripts into disclosing protected content.  (Although that
> seems like a pretty weak explanation to me.  Lot's of other characters
> cause potential problems.)
>
> Joshua.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
Lewis Hoffman
Grass Commons
lewis@grasscommons.org
541-343-1944

Mime
View raw message